Marketers maintain databases that purport to track and sell the names of people who have diabetes, depression, and osteoporosis, as well as how often women visit a gynecologist, according to a Senate report published Wednesday.

The companies are part of a multibillion-dollar industry of “data brokers” that lives largely under the radar, the report says. The report by the Senate Commerce Committee says individuals don’t have a right to know what types of data the companies collect, how people are placed in categories, or who buys the information.

The report came in advance of a committee hearing on industry practices Wednesday afternoon.

The report doesn’t contain any new evidence of wrongdoing by the industry, but it underscores the tremendous increase in the sale and availability of consumer information in the digital age. An industry which began in the 1970s collecting data from public records to help marketers send direct mail has become an engine of a global $120 billion digital-advertising industry, helping marketers deliver increasingly targeted ads across the web and on mobile phones.

“Millions of consumers are now using computers, smart phones, and tablets to make purchases, plan trips, and research personal financial and health questions, among other activities,” the report says. “These digitally recorded decisions provide insights into the consumer’s habits, preferences, and financial and health status.”

The industry, which includes “hundreds of companies,” according to the Senate report, operates with little regulation, transparency, or oversight. A recent study by the Government Accountability Office found that under federal law consumers don’t have a right to know what information data brokers have compiled about them for marketing purposes – or even if a data broker holds such information.

According to the report, various data brokers collect information about people’s incomes, their home loans and pets, and then assign them to groups like “rural and barely making it” and “ethnic city strugglers.”

At the hearing, Pam Dixon, executive director of the World Privacy Forum, said at least one data broker sells lists of rape victims and victims of domestic violence.

Several brokers also track sensitive medical information, the committee found. It said Epsilon maintains one or more databases of people who allegedly have medical conditions including anxiety, depression, diabetes, high blood pressure, insomnia, and osteoporosis.

Epsilon spokeswoman Diane Bruno said the health information is self-reported by consumers who fill out surveys an Epsilon opinion-research website. She said Epsilon had provided “binders of information” to the committee, but added, “We also have to protect our business, and cannot release proprietary competitive information, or information that we’re prohibited from releasing based on contractual agreements with our clients.”

Another large broker, Equifax, maintains a database that includes women’s visits to gynecologists in the past 12 months, the committee report said. Equifax did not immediately respond to a request for comment.

The committee said it had trouble getting information from three large data brokers: Acxiom, Experian, and Epsilon. Much of the information the companies store about consumers is wrong, according to reporting by the Wall Street Journal.

Acxiom, the largest data broker, allows consumers to see some information the company keeps about them online if they register at a company website, “Abouthedata.com.” But Acxiom doesn’t tell consumers what marketing categories they are placed in. Unlike its industry peers, Acxiom gives consumers the opportunity to correct or delete the information held about them. Acxiom did not immediately respond to a request for comment.

In a statement, Experian Senior Vice President Gerry Tschopp said, “We have spent considerable time and resources to ensure that the information and documents we have provided are helpful to the Committee’s work in understanding the marketplace. To date, Experian has provided the Committee with eight submissions totaling over three thousand pages, which we believe should provide a full description of our products, services and consumer protections.”

Two federal laws, the Fair Credit Reporting Act and the Health Insurance Portability and Accountability Act, protect consumers in certain contexts. The fair-credit law ensures that agencies that provide credit reports to landlords, employers, banks and other customers also give consumers access to their credit reports and allow them to correct the information. The health law prohibits health providers and insurance companies from communicating patient information to outsiders.

But that leaves a large gray area, the report says, particularly as new companies and ways of profiling spring up. The profiles of health conditions, for example, are not covered by the health-privacy law because data brokers are not health providers. Providers of “e-credit scores,” a new type of categorization, are not considered credit-reporting agencies. Some health profiles are derived from algorithms based on people’s social media and web searches, rather than information consumers provide in surveys.

“Current federal law does not fully address the use of new technologies, despite the fact that social media, web tracking, and mobile devices allow for faster, cheaper and more detailed data collection and sharing among resellers and private-sector entities,” the report says.